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for each role r in the role-group assigned to 

for each statement in the form: { r $ R : s} 

r where r is a role, $ indicates the direction, R is a role- 
group and s is a service */ 

if H 2 is closed: /* create a rule if H 2 has a role, r */ 



if the role-group assigned to H 2 contains a role in R, 
then, 

create a positive rule between U, and H 2 with 
service = s 

otherwise, for all host-groups G that contain H 2 : 

if the role-group assigned to G contains a role in R 
create positive rule between H 1 and H 2 with 
service = s 



Replicate the centralized configuration file to every gateway 
interface 

for each gateway interface 

for each rule in the configuration file 

if the source is in the adjacent zone 



FIG. 7 
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set direction to OUT 
else if the destination is in the adjacent zone 

set direciton to IN 
else set direction to BOTH 



FIG. 8 



